inc-ops-notifications - [InCommon NOTICE] A recommendation when updating Shibboleth IdP
Subject: InCommon Operations Notifications
- From: Nick Roy <>
- To:
- Subject: [InCommon NOTICE] A recommendation when updating Shibboleth IdP
- Date: Fri, 14 Jul 2017 13:20:12 -0600
Hello,
Some InCommon Service Providers have recently encountered issues with
those upgrading their Shibboleth IdP deployments but not preserving the
salt value used to generate SAML persistent nameID/eduPersonTargetedID
values. When you upgrade Shibboleth IdP, there is a salt value that is
used in the generation of these identifiers that _must_ be copied over
to your new installation. Not doing this will cause Service Providers
which rely on these forms of identifiers to see your users as a totally
different set of identities. One easy way to avoid this problem is to
choose an in-place upgrade option for Shibboleth IdP. More information
may be found at:
https://wiki.shibboleth.net/confluence/display/IDP30/Upgrading
Thank you,
Nick Roy
Director of Technology and Strategy, InCommon
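
The effect described in the notice above, as an added example that is not part of the original message and is not Shibboleth's own code: it models a computed persistent ID as a salted SHA-1 hash of the SP entityID and a source attribute value, then checks which IDs would change between an old and a new configuration. The property name `idp.persistentId.salt`, the hash layout, and all sample values are assumptions or constructed for illustration.

```python
import base64
import hashlib

# Assumed property name (IdP v3 conf/saml-nameid.properties); not stated in the notice.
SALT_KEY = "idp.persistentId.salt"

def read_salt(properties_text):
    """Return the salt from Java-properties style text, or None if it is unset."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # skip blanks and commented-out settings
        key, sep, value = line.partition("=")
        if sep and key.strip() == SALT_KEY:
            return value.strip()
    return None

def computed_id(sp_entity_id, source_value, salt):
    """Simplified model (assumption): base64(SHA-1(entityID ! source ! salt))."""
    material = "!".join((sp_entity_id, source_value, salt)).encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")

def changed_ids(old_props, new_props, pairs):
    """Return (sp, user, old_id, new_id) for every pair whose ID would change."""
    old_salt, new_salt = read_salt(old_props), read_salt(new_props)
    if old_salt is None or new_salt is None:
        raise ValueError("salt missing from one of the configurations")
    changed = []
    for sp, user in pairs:
        before = computed_id(sp, user, old_salt)
        after = computed_id(sp, user, new_salt)
        if before != after:
            changed.append((sp, user, before, after))
    return changed

# Constructed sample configurations and users; none of these values are real.
OLD = ("# old install\nidp.persistentId.sourceAttribute = uid\n"
       "idp.persistentId.salt = constructed-old-salt-value\n")
NEW_FRESH = "idp.persistentId.salt = constructed-new-salt-value\n"
NEW_COPIED = "idp.persistentId.salt = constructed-old-salt-value\n"
PAIRS = [("https://sp.example.org/shibboleth", "jdoe"),
         ("https://sp2.example.org/shibboleth", "jdoe")]

if __name__ == "__main__":
    print(len(changed_ids(OLD, NEW_FRESH, PAIRS)), "IDs change with a fresh salt")
    print(len(changed_ids(OLD, NEW_COPIED, PAIRS)), "IDs change with the copied salt")
```

Running the same comparison against the real old and new configuration files before cutover shows whether the salt was carried over.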